<?php

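// Domains whose pages are expected to submit this login form. The suffix test
// below also accepts sub-domains of each entry.
$referer_limit = array('12301.cc', 'www.9117you.cn','9117you.cn','9117you.12301.cc');
$limit_flag    = false;
// The Referer header is optional, so read it defensively, and compare only its
// host component. A substring search over the whole URL would also accept an
// unrelated site that merely carries one of these names in its path or query.
$referer_host = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : null;
$referer_host = is_string($referer_host) ? strtolower($referer_host) : '';
foreach ($referer_limit as $refer) {
    $suffix = '.' . $refer;
    if ($referer_host === $refer || substr($referer_host, -strlen($suffix)) === $suffix) {
        $limit_flag = true;
        break;
    }
}
// NOTE(review): Referer is sent by the client and can be absent or forged by
// non-browser clients, so this check only filters casual cross-site posts.
// A per-session anti-CSRF token is the dependable control for a login form.
if (!$limit_flag) {
    $js = <<<JS
<script>alert('来源地址错误！');history.go(-1);</script>
JS;
    exit($js);
}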
// Both credential fields are mandatory; stop before touching the session or
// the database when either is missing. empty() also treats the string "0" as
// missing.
$has_passport = !empty($_POST['passport']);
$has_password = !empty($_POST['password']);
if (!($has_passport && $has_password)) {
    // The response runs in a frame: it writes the message into the element
    // with id "error" in the parent document.
    echo <<<JS
<script>
var error=parent.window.document.getElementById('error');
error.innerHTML='*账号或密码不能为空!';</script>
JS;
    exit;
}

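// Project includes; their contents are not visible here. p_match(), ismobile()
// and $GLOBALS['le'] used further down presumably come from them.
include_once '/var/www/html/new/d/common/func.inc.php';
// NOTE(review): session_destroy() is called before session_start(). Unless the
// include above already opened a session this only raises a warning, and the
// session id sent by the browser is reused by session_start() either way.
session_destroy();
// Compact P3P policy header, sent before the session cookie is issued.
header('P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"');
session_start();
include("../com.inc.php");
// Optional form fields: default to '' when absent or not a string, so no
// undefined-index notice or type error is raised. passport/password were
// checked for presence above.
// NOTE(review): $yzm (presumably the captcha answer) is normalised here but is
// never compared with an expected value anywhere in this script - confirm
// whether the captcha is verified elsewhere.
$yzm        = strtolower(isset($_POST["yzm"]) && is_string($_POST["yzm"]) ? $_POST["yzm"] : '');
// htmlspecialchars() escapes for HTML output only. It is not SQL escaping,
// although this value is later interpolated into a query.
$passport   = htmlspecialchars($_POST["passport"]);
$password   = $_POST["password"];
// strip_tags() removes markup only; $to is a redirect target and must still be
// validated before it is written into script output.
$to         = strip_tags(isset($_POST["to"]) && is_string($_POST["to"]) ? $_POST["to"] : '');
$from       = strip_tags(isset($_POST["from"]) && is_string($_POST["from"]) ? $_POST["from"] : '');

// p_match() is defined elsewhere; a truthy result is reported to the user as
// "illegal characters in the account name". Its exact rules are not visible here.
if(p_match($passport)){
	echo "<script>var error=parent.window.document.getElementById('error');error.innerHTML='*账号存在非法字符!';</script>";
	exit;
}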
// Hash the submitted password so it can be compared with the stored value.
// NOTE(review): unsalted MD5 is a fast digest and unsuitable for password
// storage; password_hash()/password_verify() with a rehash-on-login migration
// is the usual replacement.
$password=md5($password);
// Previous single-table version of the lookup, kept for reference:
// $sel="select dname,status,id,password,derror,errortime,dtype,account,member_auth from pft_member where status in (0,3) and (account='".$passport."' or mobile='".$passport."') limit 1";
// Look up one member row by account name or mobile number (status 0 or 3),
// left-joined with pft_distributor_union_SE to pick up an optional union id.
// NOTE(review): $passport reaches the statement by string interpolation. The
// only filters applied to it are htmlspecialchars(), which is HTML escaping
// and before PHP 8.1 leaves single quotes untouched by default, and p_match(),
// whose rules are not visible here. Bind the value as a query parameter, or
// use the database layer's own escaping, instead of relying on those filters.
$sel= <<<SQL
select m.dname,m.status,m.id,m.password,m.derror,m.errortime,m.dtype,
m.account,m.member_auth,u.id as uid from pft_member m
left join pft_distributor_union_SE u on m.id=u.fid where
(m.account='{$passport}' or m.mobile='{$passport}')
 AND m.status in (0,3) limit 1
SQL;

// Run the lookup and copy the columns the checks below need into locals.
// $GLOBALS['le'] is the project's database handle; f() reads a column of the
// row loaded by fetch_assoc().
$GLOBALS['le']->query($sel);
$GLOBALS['le']->fetch_assoc();
$status=$GLOBALS['le']->f("status");
$derror=$GLOBALS['le']->f("derror");
$errortime=$GLOBALS['le']->f("errortime");
$ps=$GLOBALS['le']->f("password");

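// Decide the outcome of the login attempt from the row read above. Apart from
// the ajax success case, every branch answers with a <script> snippet.
// NOTE(review): the separate messages for "no such account", "not reviewed"
// and "wrong password" let a caller tell existing accounts from unknown ones.
if($status===null){
	// A null status is treated as "no matching row".
	echo "<script>alert('该账号不存在或已被停用!');</script>";
	exit;
}elseif($status==3){
	// Status 3 is reported to the user as "account awaiting review".
	echo "<script>alert('该账号未审核，请联系客服进行审核');</script>";
	exit;
}elseif($derror>5 && (strtotime("now")-strtotime($errortime))<(0*30)){
	// NOTE(review): (0*30) is 0 seconds, so this branch is only reachable if
	// errortime lies in the future. The half-hour lockout named in the message
	// is effectively switched off. Confirm whether that is intended; a 30-minute
	// window would be 30*60.
	echo "<script>alert('登录错误次数超过5次!半小时内不可登录!');</script>";
	exit;
}
else{
	// Strict string comparison: with a loose != two different hex digests that
	// both look numeric (for example "0e" followed only by digits) compare as
	// equal numbers. hash_equals() is the constant-time option where available.
	if((string)$ps!==$password){
		// Count the failure; errortime is stamped when the counter is at 5.
		$str=$derror==5?",errortime=now()":"";
		$upd="update pft_member set derror=derror+1".$str." where id=".$GLOBALS['le']->f("id")." limit 1";
		$GLOBALS['le']->query($upd);
		echo "<script>alert('密码错误!');</script>";
		echo "<script>parent.document.getElementById('ps').value='';</script>";
		exit;
	}
	else{
		// Switch to a fresh session id now that the user is authenticated, so an
		// id that was known before login cannot be reused afterwards.
		session_regenerate_id(true);
		$_SESSION['memberID']=$_SESSION['sid']=$GLOBALS['le']->f("id");
		$_SESSION['saccount']=$_SESSION['account']=$GLOBALS['le']->f("account");
		$_SESSION['dtype']=$_SESSION['sdtype']=$GLOBALS['le']->f("dtype");
		$_SESSION['dname']=$GLOBALS['le']->f("dname");
		$_SESSION['alliance']=$GLOBALS['le']->f("uid");
		if(ismobile($_SESSION['account'])){
			// Legacy individual-customer account: forced to dtype 5.
			$_SESSION['dtype'] = $_SESSION['sdtype'] = 5 ;
		}
		if($GLOBALS['le']->f("dtype")==6){
			// Employee account: keep its permission string, then act on behalf
			// of the parent member found through pft_member_relationship.
			$_SESSION['qx']=$GLOBALS['le']->f("member_auth");
			$sel="select parent_id from pft_member_relationship where son_id_type=2 and ship_type=1 and son_id=".$GLOBALS['le']->f("id")." limit 1";
			$GLOBALS['le']->query($sel);
			$GLOBALS['le']->fetch_assoc();
			$_SESSION['sid']=$GLOBALS['le']->f("parent_id");
			$sel="select dname,dtype,account from pft_member where id=".$_SESSION['sid']." limit 1";
			$GLOBALS['le']->query($sel);
			$GLOBALS['le']->fetch_assoc();
			$_SESSION['sdtype']=$GLOBALS['le']->f("dtype");
			$_SESSION['sdname']=$GLOBALS['le']->f("dname");
			// The new pricing interface needs an account name, so an employee
			// session carries the parent's account.
			$_SESSION['saccount']=$GLOBALS['le']->f("account");
		}
		elseif($GLOBALS['le']->f("dtype")==0 || $GLOBALS['le']->f("dtype")==1){
			// dtype 0/1: remember the dtype-7 parent, if one is linked, as the group.
			$sel="select m.id from pft_member_relationship r LEFT JOIN pft_member m on m.id=parent_id where son_id=".$GLOBALS['le']->f("id")." and m.dtype=7 and r.status=0 LIMIT 1";
			$GLOBALS['le']->query($sel);
			$GLOBALS['le']->fetch_assoc();
			if($GLOBALS['le']->f("id")){
				$_SESSION['group']=$GLOBALS['le']->f("id");
			}
		}
		// Successful login: reset the failure counter and record the time.
		$upd="update pft_member set lasttime=now(),derror=0,errortime='' where id= ".$_SESSION['memberID']." limit 1";
		$GLOBALS['le']->query($upd);

		// Choose the post-login destination. $to is request data that ends up
		// in script output, so it is honoured only when it is a plain relative
		// path or an http(s) URL on one of the allowed domains. Anything else
		// falls back to the default page. The character check allows printable
		// ASCII without backslash.
		$url="home.html";
		if($to && preg_match('@^[\x21-\x5b\x5d-\x7e]+$@D', $to)){
			if(preg_match('@^/?[A-Za-z0-9_~.-]+(?:[/?#].*)?$@D', $to)){
				// Relative path: no scheme and no leading "//".
				$url=$to;
			}
			else{
				$to_parts=parse_url($to);
				$to_allowed=(isset($referer_limit) && is_array($referer_limit))?$referer_limit:array();
				if(is_array($to_parts) && isset($to_parts['scheme'], $to_parts['host']) && !isset($to_parts['user'])
					&& in_array(strtolower($to_parts['scheme']), array('http','https'), true)){
					$to_host=strtolower($to_parts['host']);
					foreach($to_allowed as $to_domain){
						$to_suffix='.'.$to_domain;
						if($to_host===$to_domain || substr($to_host, -strlen($to_suffix))===$to_suffix){
							$url=$to;
							break;
						}
					}
				}
			}
		}
		if($from=="ajax"){
			// Ajax callers only receive the numeric success code.
			echo 100;
		}
		else{
			// Logins started from the site root are sent to the fx sub-domain.
			$referer=isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'';
			if($referer==='http://www.9117you.cn/' || $referer==='http://9117you.cn/') $url = 'http://fx.9117you.cn';
			// json_encode() emits a quoted, escaped JavaScript string, so the
			// value cannot close the string literal or the <script> element.
			echo "<script>window.parent.location=".json_encode($url, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT).";</script>";
		}
	}
}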
?>